40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
|
---
|
||
|
|
- hosts: all
|
||
|
|
become: true
|
||
|
|
|
||
|
|
handlers:
|
||
|
|
- name: restart ssh
|
||
|
|
service: name=sshd state=restarted
|
||
|
|
|
||
|
|
tasks:
|
||
|
|
- name: Configure sshd to read from authorized_keys.d
|
||
|
|
lineinfile:
|
||
|
|
path: /etc/ssh/sshd_config
|
||
|
|
regexp: '^AuthorizedKeysFile.*$'
|
||
|
|
line: AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
|
||
|
|
notify: restart ssh
|
||
|
|
|
||
|
|
- name: Ensure authorized_keys.d
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: /etc/ssh/authorized_keys.d
|
||
|
|
state: directory
|
||
|
|
|
||
|
|
- name: Configure authorized keys
|
||
|
|
ansible.builtin.copy:
|
||
|
|
src: ~/.ssh/ansible_sysadmin_keys
|
||
|
|
dest: "/etc/ssh/authorized_keys.d/{{ sysadmin_username }}"
|
||
|
|
owner: "{{ sysadmin_username }}"
|
||
|
|
group: "{{ sysadmin_username }}"
|
||
|
|
|
||
|
|
- name: Ensure root ssh directory
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: /root/.ssh
|
||
|
|
state: directory
|
||
|
|
mode: '0700'
|
||
|
|
|
||
|
|
- name: Configure authorized keys for root
|
||
|
|
ansible.builtin.copy:
|
||
|
|
src: ~/.ssh/ansible_root_keys
|
||
|
|
dest: /root/.ssh/authorized_keys
|
||
|
|
owner: root
|
||
|
|
group: root
|